FTC Proposes Rule to Ban Commercial Surveillance
Source: FTC | Date: 2022-08-11
The Federal Trade Commission has taken significant enforcement action in this case, marking an important development in the agency's increasingly aggressive approach to privacy violations and unfair data practices. This action represents part of a broader pattern of FTC enforcement that has accelerated dramatically in recent years as the agency responds to growing public concern about corporate surveillance and data exploitation.
The FTC's Role in Privacy Enforcement
In the absence of comprehensive federal privacy legislation, the Federal Trade Commission has served as the primary federal privacy regulator in the United States, using its authority under Section 5 of the FTC Act to pursue companies that engage in "unfair or deceptive acts or practices." This authority, while broad, has limitations — the agency cannot impose fines for first-time violations under Section 5, must prove that practices are either deceptive (the company misrepresented its practices) or unfair (the practices cause substantial harm that consumers cannot avoid), and has limited jurisdiction over certain sectors like banking and telecommunications.
Despite these constraints, the FTC has brought hundreds of privacy and data security enforcement actions over the past two decades, establishing a body of case law that effectively functions as a de facto federal privacy standard. The agency's enforcement priorities have evolved from targeting obviously deceptive practices (companies that promised not to share data and then shared it) to challenging more systemic issues like dark patterns, algorithmic discrimination, and the commercial surveillance ecosystem itself.
Details of This Action
This particular enforcement action addresses practices that affected millions of consumers whose data was collected, shared, or monetized in ways they did not understand, consent to, or have the ability to prevent. The complaint alleges that the company engaged in practices that violated consumer trust and, in many cases, violated its own stated privacy policies.
The remedies sought or obtained include substantial monetary penalties (intended to eliminate the financial incentive for privacy violations), injunctive relief (requiring the company to change specific practices), data deletion requirements (ordering destruction of improperly collected data), and ongoing compliance monitoring (requiring regular privacy audits by independent assessors). These remedies are designed not only to address the specific violations at issue but to deter similar conduct by other companies.
Consumer Impact and Recommendations
Consumers affected by this enforcement action should take several steps. First, determine whether you are among the affected individuals — the FTC's website typically provides information about who is affected and what data was involved. Second, if you used the service or product at issue, review and update your privacy settings, change your passwords, and consider whether you want to continue using it. Third, exercise your rights under applicable state privacy laws (CCPA, VCDPA, CPA, etc.) to request deletion of your data.
More broadly, this case serves as a reminder that companies' privacy promises should be verified, not trusted. Read privacy policies before signing up for services, use privacy-focused alternatives where they exist, and file complaints with the FTC when you encounter deceptive or unfair practices. The agency's enforcement agenda is shaped partly by consumer complaints, and reporting violations increases the likelihood of action.
Staying Informed and Taking Action
This development is part of a broader pattern in the evolving digital privacy landscape. As technology companies, governments, and data brokers continue to expand their data collection capabilities, staying informed about privacy developments is essential for protecting yourself and advocating for stronger protections.
Practical steps you can take right now include reviewing your privacy settings on all major platforms, using privacy-focused alternatives for browsing (Firefox, Brave), search (DuckDuckGo), messaging (Signal), and email (ProtonMail). Enable two-factor authentication on all accounts, use a password manager, and regularly audit your digital footprint. Consider supporting organizations like the Electronic Frontier Foundation (EFF), the ACLU, and the Electronic Privacy Information Center (EPIC) that advocate for privacy rights through litigation, legislation, and public education.
File complaints with the FTC, your state attorney general, and relevant regulatory agencies when you encounter privacy violations. Consumer complaints drive enforcement priorities, and every report contributes to the data regulators use to identify patterns and prioritize cases. Document violations thoroughly — screenshots, emails, and timestamps create the evidentiary foundation for regulatory action and litigation.
The privacy landscape is shifting. Increased public awareness, growing regulatory enforcement, and the emergence of privacy-respecting alternatives are creating pressure for change. But lasting improvement requires sustained engagement from informed consumers who understand their rights and exercise them consistently.